release-health
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several commands using a `gh-manager` utility to interact with GitHub repositories. This includes read operations (listing releases, comparing commits, fetching changelogs) and write operations (creating draft releases, publishing releases, creating branches, updating files, and opening pull requests). These operations require write access to the target repository.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external repositories.
  - Ingestion points: The skill ingests untrusted content through `gh-manager releases compare` (retrieving commit messages) and `gh-manager files get` / `gh-manager releases changelog` (retrieving changelog file content).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat ingested data as untrusted or to ignore embedded instructions within the commit history or changelogs.
  - Capability inventory: The skill has broad capabilities including `gh-manager releases publish`, `gh-manager files put` (file writing), and `gh-manager prs create` (PR creation).
  - Sanitization: The skill lacks sanitization or validation of the ingested strings before they are summarized or used to generate release notes and pull request descriptions, which could allow an attacker to influence agent behavior through malicious commit messages.
Audit Metadata